Lightweight and Modular Proxy

Yiannis

Description

This project aims to provide a lightweight "bridge/proxy" to allow
users in censored areas to access the Internet. In particular, we
target commercially available Access Points to allow users to
contribute to the Tor network using their always-on, low-cost home gateways. We
show how such a bridge can be used to access the Tor network or
specific websites.

How It Works

Background

A Tor relay (or bridge) can be either a dedicated server, or a
user's laptop/PC which acts as a relay while the user is on the Tor
network. The former introduces a significant barrier to running a
Tor relay, while the latter results in transient nodes with limited
uptime, and requires continuous configuration for NAT traversal
etc. Our goal is to make it easier for somebody to contribute to
such networks. We note that most users own a network gateway at
their homes (router/wireless AP) which, while limited in
resources (~4/8MB Flash, 8/16MB RAM), is always
on. Torouter
builds a Tor relay for such devices, but it is limited to a few
high-end models, as a full Tor relay requires more resources than
are typically found in these boxes.

Overview

We note that networks like Tor provide two main benefits to the end
user: i) connectivity through firewalls in
censored areas, and ii) anonymity, which prevents the user from being
detected/tracked. Focusing on connectivity, we build a
lightweight bridge that allows users in censored areas to reach
the Tor network. The bridge doesn't do onion routing, but rather
simple proxying between the user and the Tor network, adding
capabilities for rate-limiting and admission control. Besides,
it can be easily extended to enable traffic other than Tor, for
example direct access to blocked websites.

System Details

The user within the censored area asks the bridge to create a
tunnel of type TOR to a selected Tor relay. The bridge holds the
latest consensus from the Tor directories, listing valid relay
nodes. It checks the Tor client's tunnel request against this list;
the request is granted or rejected, and the tunnel is created
accordingly. Similarly, the user may ask for a tunnel of type WEB, which
the bridge can check against a list of IP/domain-based rules.
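
The admission check described above, sketched as an added example (not the project's own code). It assumes the request reaches the bridge as a SOCKS4 CONNECT message, that the relay list is read from consensus "r" lines, and that WEB rules are IP networks; the function names, the way the tunnel type is passed, and all sample values are hypothetical.

```python
import ipaddress
import struct

# Constructed sample: "r" lines in the Tor v3 consensus layout
# (r nickname identity digest date time IP ORPort DirPort); values are made up.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-01-01 00:00:00 192.0.2.10 9001 0
s Fast Running Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2024-01-01 00:00:00 198.51.100.7 443 9030
"""

# Constructed WEB rules: allowed destination networks (hypothetical rule format).
WEB_RULES = [ipaddress.ip_network("203.0.113.0/24")]


def load_relays(consensus_text):
    """Return the set of (ip, or_port) pairs listed in the consensus."""
    relays = set()
    for line in consensus_text.splitlines():
        f = line.split()
        if len(f) >= 9 and f[0] == "r":
            relays.add((f[6], int(f[7])))
    return relays


def parse_socks4_connect(data):
    """Parse a SOCKS4 CONNECT request; return (ip, port) or None if malformed."""
    # Layout: VN=4, CD=1 (CONNECT), DSTPORT (2 bytes), DSTIP (4 bytes), USERID, NUL
    if len(data) < 9 or b"\x00" not in data[8:]:
        return None
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != 4 or command != 1:
        return None
    return str(ipaddress.IPv4Address(data[4:8])), port


def admit(tunnel_type, data, relays, web_rules):
    """Grant the tunnel only if the destination passes the check for its type."""
    dest = parse_socks4_connect(data)
    if dest is None:
        return False
    if tunnel_type == "TOR":
        return dest in relays  # IP and ORPort must both match a listed relay
    if tunnel_type == "WEB":
        return any(ipaddress.ip_address(dest[0]) in net for net in web_rules)
    return False  # unknown tunnel types are rejected
```

Matching on both address and ORPort, and rejecting anything that is not a well-formed CONNECT, keeps the bridge from acting as an open proxy to arbitrary destinations.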

How to Use It

The bridge is available as an OpenWrt application. OpenWrt is a Linux
distribution for home gateways. Source code and links for
pre-compiled package/firmware are
available here.
To connect your Tor client or Web browser (tested with Firefox) to the
bridge, enter the IP:port address of the bridge under the SOCKS4
option of your proxy configuration.